home

{blocked}.exe

Used Depth

South Quick

The application {blocked}.exe has been detected as a potentially unwanted program by 19 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from applicationgrabb.net.
Publisher:
South Quick

Product:
Used Depth

Description:
Copenhagen To

Version:
6.4.0.5

MD5:
50d206d5c289cfcebed043aa10119e7b

SHA-1:
0e09d40318c973bc367e3683b8f9288f49d74e18

SHA-256:
16f2d027f760bc2740e7b7fb76dd380452f19e43c955520aa387d5f839809382

Scanner detections:
19 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 11:51:59 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.MultiPlug.AD
878

Avira AntiVirus
TR/Crypt.XPACK.Gen
7.11.30.172

AVG
Adware Generic5.BJRE
2014.0.4015

Bitdefender
Adware.MultiPlug.AD
1.0.20.1265

Bkav FE
HW32.Paked
1.3.0.4959

Dr.Web
BackDoor.Andromeda.459
9.0.1.05190

Emsisoft Anti-Malware
Adware.MultiPlug.AD
14.09.10

ESET NOD32
Win32/AdWare.MultiPlug.CB (variant)
8.10396

F-Secure
Adware.MultiPlug.AD
11.2014-10-09_4

G Data
Adware.MultiPlug.AD
14.9.24

K7 AntiVirus
Unwanted-Program
13.183.13305

Malwarebytes
PUP.Optional.MultiPlug
v2014.09.10.10

McAfee
MultiPlug
5600.7012

MicroWorld eScan
Adware.MultiPlug.AD
15.0.0.759

NANO AntiVirus
Trojan.Win32.Andromeda.denxcg
0.28.2.61942

nProtect
Adware.MultiPlug.AD
14.09.10.01

Panda Antivirus
PUP/TSUploader
14.09.11.12

Reason Heuristics
Threat.Win.Reputation.IMP
14.9.10.23

Sophos
MultiPlug
4.98

File size:
841.5 KB (861,696 bytes)

Product version:
1.1.1.8

Copyright:
All rights reserved for South Quick LTD.

Original file name:
Family and Friends 1 Class CD2.ebta.exe

File type:
Executable application (Win32 EXE)

Language:
English (Wielka Brytania)

Common path:
C:\users\{user}\downloads\family and friends 1 class cd2.ebta.exe

File PE Metadata
Compilation timestamp:
8/28/2013 4:16:08 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:fTAYSWDfo46UibwVloSYLOaVg+Dv6/f7BB:f3SWDfJjbEyrW6/tB

Entry address:
0x16985

Entry point:
E8, 68, 43, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, F0, 13, 4D, 00, E8, E5, 10, 00, 00, E8, 35, 45, 00, 00, 0F, B7, F0, 6A, 02, E8, FB, 42, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 52, 0A, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Code size:
131 KB (134,144 bytes)

The file {blocked}.exe has been seen being distributed by the following URL.

http://applicationgrabb.net/a1b9fe1267d45eefd08cc08639e5161a/turboimage/dl.php?id=1410009756908283163&r=http://newspapersons.biz/v2292/lp/?q=XMXF6WqhwGu2XKEG xn9CtaUmj93rv5nZxoTYa4ZzDkE UxB4CiueL5fUk2T0/ azIeO0eauYYTL7cNj2qrV9nxnDahhkibgYfDriEHA4v5/4hT6xAXKX6R 9QirPqhvFhaT0D92mFb1QXHX/PnV/uVOK1HSkDJT/iYLQcdlR8/t kCzG1Mff3IzGY7cU2cMKln fehWUBTxDKDUKOzgrvnw6JGhFVq9vFGhSe8evPE4PIH/oVVIFvbZR7nCVPYGUYQUce/.../CFWjDyG6Kj0hZmfLG08No54j4CMl8Hu9veFHNeVoZgs0Y17 nkk6U&__rnd=a48b35bc6f5b3b93086ce3098312188f

Remove {blocked}.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.